A team of researchers from Peking University, Tsinghua University and the University of Texas at Dallas has released details of its work identifying a new class of DoS attacks, which they named "RangeAmp". The attacks use the HTTP Range header to amplify traffic through a content delivery network (CDN).
The essence of the method is that, because of a quirk in how many CDNs process Range headers, an attacker can request a single byte of a large file through the CDN, but the CDN will fetch the whole file, or a much larger block of data, from the origin server in order to cache it.
The traffic amplification factor in this type of attack, depending on the CDN, is 724 to 43330 times, which can be used to overload the CDN's incoming traffic or to reduce the bandwidth of the final communication channel to the victim's site.
The Range header lets a client specify a range of positions in a file that should be transferred instead of returning the whole file.
For example, a client can specify "Range: bytes=0-1023" and the server will send only the first 1024 bytes of data. This feature is in heavy demand when downloading large files: the user can pause a download and then resume it from the point where it was interrupted. When "bytes=0-0" is specified, the standard prescribes returning the first byte of the file, "bytes=-1" the last byte, and "bytes=1-" everything from byte 1 to the end of the file. Several ranges can be passed in a single header, for example "Range: bytes=0-1023,8192-10240".
In addition, a second attack variant was proposed, called the RangeAmp Overlapping Byte Ranges (OBR) attack. It is designed to increase network load when traffic is forwarded through another CDN that is used as a proxy (for example, when Cloudflare acts as the frontend (FCDN) and Akamai acts as the backend (BCDN)). The method resembles the first attack, but it is localized within the CDNs and amplifies traffic on requests to other CDNs, increasing the load on the infrastructure and degrading the quality of service.
The idea is that the attacker sends several ranges in the Range request to the CDN, such as "bytes=0-,0-,0-...", "bytes=1-,0-,0-..." or "bytes=-1024,0-,0-...".
The requests contain a large number of "0-" ranges, each of which means returning the file from start to end. Because the ranges are parsed incorrectly when the first CDN forwards the request to the second, the complete file is returned for each "0-" range (the ranges are not merged, but served one after another) if duplicated and overlapping ranges are present in the attack request that was originally sent. The traffic amplification factor in such an attack ranges from 53 to 7432 times.
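The following added example (not code from the researchers or from any CDN) shows a check an origin or edge server could run before serving a multi-range request: it resolves the ranges against the file size, merges them, and flags requests whose ranges overlap. The function names and the `MAX_RANGES` limit are assumptions made for illustration.

```python
MAX_RANGES = 8  # assumed policy limit, not a value from the research


def resolve_ranges(header, size):
    """Resolve 'bytes=a-b,c-,-n' to absolute (start, end) pairs for a file of `size` bytes."""
    unit, _, spec = header.partition("=")
    if unit.strip().lower() != "bytes" or not spec.strip():
        raise ValueError("unsupported Range header")
    out = []
    for part in spec.split(","):
        first, sep, last = (s.strip() for s in part.partition("-"))
        if not sep:
            raise ValueError("malformed range: %r" % part)
        if not first:                      # suffix form "-n": the last n bytes
            n = int(last)                  # int() raises ValueError on junk
            if n <= 0 or size == 0:
                continue                   # unsatisfiable, skip it
            start, end = max(size - n, 0), size - 1
        else:
            start = int(first)
            end = int(last) if last else size - 1
            if last and end < start:
                raise ValueError("malformed range: %r" % part)
            if start >= size:
                continue                   # starts past end of file, skip it
            end = min(end, size - 1)
        out.append((start, end))
    return out


def coalesce(ranges):
    """Merge overlapping or adjacent ranges so each byte is counted once."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def assess(header, size):
    """Compare bytes a naive server would send with the bytes actually distinct."""
    ranges = resolve_ranges(header, size)
    requested = sum(e - s + 1 for s, e in ranges)
    unique = sum(e - s + 1 for s, e in coalesce(ranges))
    return {"ranges": len(ranges), "requested_bytes": requested,
            "unique_bytes": unique,
            "overlap_factor": requested / unique if unique else 0.0,
            "reject": len(ranges) > MAX_RANGES or requested > unique}
```

A request flagged with `reject` can be answered with the merged ranges or with the whole file once, so the response size never exceeds the file size.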
The study examined the behaviour of 13 CDNs: Akamai, Alibaba Cloud, Azure, CDN77, CDNsun, Cloudflare, CloudFront, Fastly, G-Core Labs, Huawei Cloud, KeyCDN, StackPath, and Tencent Cloud.
"Unfortunately, although we emailed them several times and tried to contact their customers, StackPath did not give us any response," the research team said.
"Overall, we did our best to report the vulnerabilities carefully and to provide mitigation solutions. The affected CDN vendors had nearly seven months to implement mitigations before this paper was published."
All of the CDNs reviewed allow the first type of attack against the target server. The second type of attack, against the CDN, turned out to affect 6 services, four of which can act as the frontend in the attack (CDN77, CDNsun, Cloudflare and StackPath) and three of which can be in the backend role (Akamai, Azure and StackPath).
The highest amplification is obtained with Akamai and StackPath, which allow more than 10 ranges to be specified in the Range header.
The CDN owners were notified of the vulnerabilities about 7 months ago, and by the time the information was publicly disclosed, 12 of the 13 CDNs had fixed the identified problems or expressed their willingness to fix them.
Source: https://www.liubaojun.org